Showing 943 of 943 total issues
Loofah XSS Vulnerability Open
loofah (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-8048
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/144
Solution: upgrade to >= 2.2.1
Nokogiri gem contains two upstream vulnerabilities in libxslt 1.1.29 Open
nokogiri (1.6.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-5029
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1634
Solution: upgrade to >= 1.7.2
RuboCop gem Insecure use of /tmp Open
rubocop (0.42.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-8418
Criticality: Low
URL: https://github.com/bbatsov/rubocop/issues/4336
Solution: upgrade to >= 0.49.0
httparty has multipart/form-data request tampering vulnerability Open
httparty (0.14.0)
- Read upRead up
- Exclude checks
Advisory:
Criticality: Medium
URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42
Solution: upgrade to >= 0.21.0
i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS Open
i18n (0.7.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2014-10077
URL: https://github.com/svenfuchs/i18n/pull/289
Solution: upgrade to >= 0.8.0
Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file Open
nokogiri (1.6.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-5477
Criticality: Critical
URL: https://github.com/sparklemotion/nokogiri/issues/1915
Solution: upgrade to >= 1.10.4
Injection/XSS in Redcarpet Open
redcarpet (3.3.4)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-26298
Criticality: Medium
URL: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
Solution: upgrade to >= 3.5.1
Regular Expression Denial of Service in Addressable templates Open
addressable (2.4.0)
- Read upRead up
- Exclude checks
Advisory: CVE-2021-32740
Criticality: High
URL: https://github.com/advisories/GHSA-jxhc-q857-3j6g
Solution: upgrade to >= 2.8.0
Prototype pollution attack through jQuery $.extend Open
jquery-rails (4.1.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-11358
Criticality: Medium
URL: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
Solution: upgrade to >= 4.3.4
Loofah XSS Vulnerability Open
loofah (2.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-16468
Criticality: Medium
URL: https://github.com/flavorjones/loofah/issues/154
Solution: upgrade to >= 2.2.3
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities Open
nokogiri (1.6.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2018-14404
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/issues/1785
Solution: upgrade to >= 1.8.5
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.6.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-15412
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.2
Nokogiri gem, via libxml, is affected by DoS vulnerabilities Open
nokogiri (1.6.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2017-16932
URL: https://github.com/sparklemotion/nokogiri/issues/1714
Solution: upgrade to >= 1.8.1
Inefficient Regular Expression Complexity in rails-html-sanitizer Open
rails-html-sanitizer (1.0.3)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-23517
Criticality: High
URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w
Solution: upgrade to >= 1.4.4
Potential XSS vulnerability in jQuery Open
jquery-rails (4.1.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-11023
Criticality: Medium
URL: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released
Solution: upgrade to >= 4.4.0
Integer Overflow or Wraparound in libxml2 affects Nokogiri Open
nokogiri (1.6.8.1)
- Read upRead up
- Exclude checks
Advisory:
Criticality: High
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-cgx6-hpwq-fhv5
Solution: upgrade to >= 1.13.5
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities Open
nokogiri (1.6.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-13117
URL: https://github.com/sparklemotion/nokogiri/issues/1943
Solution: upgrade to >= 1.10.5
Nokogiri gem, via libxslt, is affected by improper access control vulnerability Open
nokogiri (1.6.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2019-11068
URL: https://github.com/sparklemotion/nokogiri/issues/1892
Solution: upgrade to >= 1.10.3
Nokogiri::XML::Schema trusts input by default, exposing risk of an XXE vulnerability Open
nokogiri (1.6.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2020-26247
Criticality: Low
URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
Solution: upgrade to >= 1.11.0.rc4
Denial of Service (DoS) in Nokogiri on JRuby Open
nokogiri (1.6.8.1)
- Read upRead up
- Exclude checks
Advisory: CVE-2022-24839
Criticality: High
URL: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv
Solution: upgrade to >= 1.13.4